From 0dcf646385b99c50ab928485fa50f0f35c477a9b Mon Sep 17 00:00:00 2001 From: Avgustin Marinov Date: Fri, 15 Mar 2024 14:16:21 +0200 Subject: [PATCH] Fix properties files to make admin a DEFAULT tenant user (#1689) Signed-off-by: Marinov Avgustin --- .../src/main/resources/application.properties | 18 +++++++----------- .../org/eclipse/hawkbit/app/mgmt/CorsTest.java | 5 +++-- .../app/mgmt/PreAuthorizeEnabledTest.java | 10 ++++++++++ .../src/main/resources/application.properties | 17 +++++++---------- .../java/org/eclipse/hawkbit/app/CorsTest.java | 5 +++-- .../hawkbit/app/PreAuthorizeEnabledTest.java | 10 ++++++++++ 6 files changed, 40 insertions(+), 25 deletions(-) diff --git a/hawkbit-runtime/hawkbit-mgmt-server/src/main/resources/application.properties b/hawkbit-runtime/hawkbit-mgmt-server/src/main/resources/application.properties index 2cbed77b9..f12827f60 100644 --- a/hawkbit-runtime/hawkbit-mgmt-server/src/main/resources/application.properties +++ b/hawkbit-runtime/hawkbit-mgmt-server/src/main/resources/application.properties @@ -11,14 +11,15 @@ spring.application.name=mgmt-server spring.port=8080 -# User Security -spring.security.user.name=admin -spring.security.user.password={noop}admin -spring.main.allow-bean-definition-overriding=true - -# allow to auto create DEFAULT tenant (on mgmt api call) +# Define DEFAULT tenant admin user admin/admin +hawkbit.security.user.admin.password={noop}admin +hawkbit.security.user.admin.roles=TENANT_ADMIN +hawkbit.security.user.admin.tenant=DEFAULT +# allow to auto/implicit create DEFAULT tenant (on mgmt api call) hawkbit.server.repository.implicitTenantCreateAllowed=true +spring.main.allow-bean-definition-overriding=true + # Http Encoding server.servlet.encoding.charset=UTF-8 server.servlet.encoding.enabled=true @@ -34,11 +35,6 @@ spring.rabbitmq.virtual-host=/ spring.rabbitmq.host=localhost spring.rabbitmq.port=5672 -# Define own (my_user) users instead together default "admin" (system-wide) user: -#hawkbit.security.user.my_user.password={noop}isAwesome! -#hawkbit.security.user.my_user.roles=TENANT_ADMIN -#hawkbit.security.user.my_user.tenant=DEFAULT - # Enable CORS and specify the allowed origins: #hawkbit.server.security.cors.enabled=true #hawkbit.server.security.cors.allowedOrigins=http://localhost diff --git a/hawkbit-runtime/hawkbit-mgmt-server/src/test/java/org/eclipse/hawkbit/app/mgmt/CorsTest.java b/hawkbit-runtime/hawkbit-mgmt-server/src/test/java/org/eclipse/hawkbit/app/mgmt/CorsTest.java index 3c2d3244f..47755699f 100644 --- a/hawkbit-runtime/hawkbit-mgmt-server/src/test/java/org/eclipse/hawkbit/app/mgmt/CorsTest.java +++ b/hawkbit-runtime/hawkbit-mgmt-server/src/test/java/org/eclipse/hawkbit/app/mgmt/CorsTest.java @@ -14,12 +14,13 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; +import org.eclipse.hawkbit.im.authentication.SpRole; import org.eclipse.hawkbit.mgmt.rest.api.MgmtRestConstants; +import org.eclipse.hawkbit.repository.test.util.WithUser; import org.junit.jupiter.api.Test; import org.springframework.boot.test.context.SpringBootTest; import org.springframework.http.HttpHeaders; -import org.springframework.security.test.context.support.WithUserDetails; import org.springframework.test.web.servlet.ResultActions; import io.qameta.allure.Description; @@ -44,9 +45,9 @@ public class CorsTest extends AbstractSecurityTest { private final static String INVALID_ORIGIN = "http://test.invalid.origin"; private final static String INVALID_CORS_REQUEST = "Invalid CORS request"; - @WithUserDetails("admin") @Test @Description("Ensures that Cors is working.") + @WithUser(authorities = SpRole.TENANT_ADMIN) public void validateCorsRequest() throws Exception { performOptionsRequestToRestWithOrigin(ALLOWED_ORIGIN_FIRST).andExpect(status().isOk()) .andExpect(header().string(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, ALLOWED_ORIGIN_FIRST)); diff --git a/hawkbit-runtime/hawkbit-mgmt-server/src/test/java/org/eclipse/hawkbit/app/mgmt/PreAuthorizeEnabledTest.java b/hawkbit-runtime/hawkbit-mgmt-server/src/test/java/org/eclipse/hawkbit/app/mgmt/PreAuthorizeEnabledTest.java index 3b079b915..e42d61273 100644 --- a/hawkbit-runtime/hawkbit-mgmt-server/src/test/java/org/eclipse/hawkbit/app/mgmt/PreAuthorizeEnabledTest.java +++ b/hawkbit-runtime/hawkbit-mgmt-server/src/test/java/org/eclipse/hawkbit/app/mgmt/PreAuthorizeEnabledTest.java @@ -13,6 +13,7 @@ import io.qameta.allure.Description; import io.qameta.allure.Feature; import io.qameta.allure.Story; import org.eclipse.hawkbit.im.authentication.SpPermission; +import org.eclipse.hawkbit.im.authentication.SpRole; import org.eclipse.hawkbit.repository.test.util.WithUser; import org.junit.jupiter.api.Test; import org.springframework.http.HttpStatus; @@ -40,4 +41,13 @@ public class PreAuthorizeEnabledTest extends AbstractSecurityTest { assertThat(result.getResponse().getStatus()).isEqualTo(HttpStatus.OK.value()); }); } + + @Test + @Description("Tests whether request succeed if a role is granted for the user") + @WithUser(authorities = { SpRole.TENANT_ADMIN }) + public void successIfHasTenantAdminRole() throws Exception { + mvc.perform(get("/rest/v1/distributionsets")).andExpect(result -> { + assertThat(result.getResponse().getStatus()).isEqualTo(HttpStatus.OK.value()); + }); + } } \ No newline at end of file diff --git a/hawkbit-runtime/hawkbit-update-server/src/main/resources/application.properties b/hawkbit-runtime/hawkbit-update-server/src/main/resources/application.properties index c9a99e1b5..e64f743bd 100644 --- a/hawkbit-runtime/hawkbit-update-server/src/main/resources/application.properties +++ b/hawkbit-runtime/hawkbit-update-server/src/main/resources/application.properties @@ -8,13 +8,15 @@ # SPDX-License-Identifier: EPL-2.0 # -# User Security -spring.security.user.name=admin -spring.security.user.password={noop}admin -spring.main.allow-bean-definition-overriding=true -# allow to auto create DEFAULT tenant (on mgmt api call) +# Define DEFAULT tenant admin user admin/admin +hawkbit.security.user.admin.password={noop}admin +hawkbit.security.user.admin.roles=TENANT_ADMIN +hawkbit.security.user.admin.tenant=DEFAULT +# allow to auto/implicit create DEFAULT tenant (on mgmt api call) hawkbit.server.repository.implicitTenantCreateAllowed=true +spring.main.allow-bean-definition-overriding=true + # Http Encoding server.servlet.encoding.charset=UTF-8 server.servlet.encoding.enabled=true @@ -35,11 +37,6 @@ spring.rabbitmq.virtual-host=/ spring.rabbitmq.host=localhost spring.rabbitmq.port=5672 -# Define own (my_user) users instead together default "admin" (system-wide) user: -#hawkbit.security.user.my_user.password={noop}isAwesome! -#hawkbit.security.user.my_user.roles=TENANT_ADMIN -#hawkbit.security.user.my_user.tenant=DEFAULT - # Enable CORS and specify the allowed origins: #hawkbit.server.security.cors.enabled=true #hawkbit.server.security.cors.allowedOrigins=http://localhost diff --git a/hawkbit-runtime/hawkbit-update-server/src/test/java/org/eclipse/hawkbit/app/CorsTest.java b/hawkbit-runtime/hawkbit-update-server/src/test/java/org/eclipse/hawkbit/app/CorsTest.java index 925f3341d..9b0576650 100644 --- a/hawkbit-runtime/hawkbit-update-server/src/test/java/org/eclipse/hawkbit/app/CorsTest.java +++ b/hawkbit-runtime/hawkbit-update-server/src/test/java/org/eclipse/hawkbit/app/CorsTest.java @@ -14,12 +14,13 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; +import org.eclipse.hawkbit.im.authentication.SpRole; import org.eclipse.hawkbit.mgmt.rest.api.MgmtRestConstants; +import org.eclipse.hawkbit.repository.test.util.WithUser; import org.junit.jupiter.api.Test; import org.springframework.boot.test.context.SpringBootTest; import org.springframework.http.HttpHeaders; -import org.springframework.security.test.context.support.WithUserDetails; import org.springframework.test.web.servlet.ResultActions; import io.qameta.allure.Description; @@ -44,9 +45,9 @@ public class CorsTest extends AbstractSecurityTest { private final static String INVALID_ORIGIN = "http://test.invalid.origin"; private final static String INVALID_CORS_REQUEST = "Invalid CORS request"; - @WithUserDetails("admin") @Test @Description("Ensures that Cors is working.") + @WithUser(authorities = SpRole.TENANT_ADMIN) public void validateCorsRequest() throws Exception { performOptionsRequestToRestWithOrigin(ALLOWED_ORIGIN_FIRST).andExpect(status().isOk()) .andExpect(header().string(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, ALLOWED_ORIGIN_FIRST)); diff --git a/hawkbit-runtime/hawkbit-update-server/src/test/java/org/eclipse/hawkbit/app/PreAuthorizeEnabledTest.java b/hawkbit-runtime/hawkbit-update-server/src/test/java/org/eclipse/hawkbit/app/PreAuthorizeEnabledTest.java index 6345d559b..da842e1fe 100644 --- a/hawkbit-runtime/hawkbit-update-server/src/test/java/org/eclipse/hawkbit/app/PreAuthorizeEnabledTest.java +++ b/hawkbit-runtime/hawkbit-update-server/src/test/java/org/eclipse/hawkbit/app/PreAuthorizeEnabledTest.java @@ -13,6 +13,7 @@ import io.qameta.allure.Description; import io.qameta.allure.Feature; import io.qameta.allure.Story; import org.eclipse.hawkbit.im.authentication.SpPermission; +import org.eclipse.hawkbit.im.authentication.SpRole; import org.eclipse.hawkbit.repository.test.util.WithUser; import org.junit.jupiter.api.Test; import org.springframework.http.HttpStatus; @@ -40,4 +41,13 @@ public class PreAuthorizeEnabledTest extends AbstractSecurityTest { assertThat(result.getResponse().getStatus()).isEqualTo(HttpStatus.OK.value()); }); } + + @Test + @Description("Tests whether request succeed if a role is granted for the user") + @WithUser(authorities = { SpRole.TENANT_ADMIN }) + public void successIfHasTenantAdminRole() throws Exception { + mvc.perform(get("/rest/v1/distributionsets")).andExpect(result -> { + assertThat(result.getResponse().getStatus()).isEqualTo(HttpStatus.OK.value()); + }); + } } \ No newline at end of file